From patchwork Thu Sep 14 19:31:53 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 112643 Delivered-To: patch@linaro.org Received: by 10.140.106.117 with SMTP id d108csp1156454qgf; Thu, 14 Sep 2017 12:32:39 -0700 (PDT) X-Received: by 10.98.205.72 with SMTP id o69mr12369654pfg.194.1505417559228; Thu, 14 Sep 2017 12:32:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1505417559; cv=none; d=google.com; s=arc-20160816; b=pdg+BXB6q42i+ur8SNxQ3RHMNbfpYU8QlKVrp1EwDpL8p41eodHWj8z/GPtBzwhNrB LPeiHEFnkpdeZ+BZ22PsFF1kXmZI56raIiulxWMVRwEZJmzSunAuNJXKpzkhPMI0O1kF mwErQ0KWni4aWczbFg3N4BZEuk7tJ2a55HBcb454YcgSTmmPgmQtb8VkIMilViw1O2zv RzORpP9PK1w0JNh9ZByqhsW9unKKSglkqlrQJjW/IkDcHrjF460SXedb74ssV0kc6ASP pniMdTr3x+zuQslThz91Mu/BQnlKpMposoKFGser9TFBfmbqpj3obXv+JJiokTewPZrP AQ1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=K8iaGqSHF2diY0FNzbvzC2IJ1CYhLdYQb5rbg8V0lRQ=; b=aGCjLWo2ksccnjAcsL8HG3vppcVZmrMs3kBywCN61RQuLHXAZDd55cYn2OfjvtEFRV 7TaC+Uyy6V8dXJwSACHmplLqU4iXfOFnVYlACZ9Uv1X3ek8Sm5pNBhqiV40wqB6zu+0s Iq+1uC7K5Vo3cHyUMGrSAx7K5U5Sq2yC3IDEo1FUAilc9mhFRiG3c88RBRt7pncYwI1u JtGXaikkOHpnULAW2ZlezjCjoIMvczkfj85yETrvnQAfG8++OeWNER6RTY+Vl7AI2YsD r1hu/qZaYq8ttYxTDaUJxIfsAaNdx9JFzSigQxKT62D3ilSzsrWlTaXAEzhtKfD2y/MI WNLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=bOWprzsM; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 68si12838525pla.642.2017.09.14.12.32.39; Thu, 14 Sep 2017 12:32:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=bOWprzsM; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751654AbdINTch (ORCPT + 2 others); Thu, 14 Sep 2017 15:32:37 -0400 Received: from mail-pg0-f47.google.com ([74.125.83.47]:46308 "EHLO mail-pg0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751781AbdINTcg (ORCPT ); Thu, 14 Sep 2017 15:32:36 -0400 Received: by mail-pg0-f47.google.com with SMTP id i130so209940pgc.3 for ; Thu, 14 Sep 2017 12:32:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=+jRKoYktQ+tJxD8eh8kcG2BFoqsqV7iHCXg6A2S4eCc=; b=bOWprzsM0GhnuQY33qMfADOZ/5l3Q2MBWOKyXrGlm2wJmfT2FUxgY9U1lHJG/J6Ns4 hxG82b+9+4sJgdF/34WBYr2y7bSiUNpsd1qJ9CpYZQDgOFEyZGditINZK/+AWTG/OwWR xIpRrhYBXNN/axl5PyPmqmHHz43Gz//CMHlSk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=+jRKoYktQ+tJxD8eh8kcG2BFoqsqV7iHCXg6A2S4eCc=; b=oRjRyG6qCCTRfQQitWOp09uZzlkW6Hq/7nIXRjQmC0pDGOls2ZKuZzGQkkA63uciSd OIMaxSyNDTuLIa+ND7a/RJJy0PsQQFmRz3dy+Lzsotlc2LKYyM65Sa7gzgd950HlqEEI f65wdvGnf6/wVwkuv9SYBYk9+BPIp1DAF5fHccBtEkKaLkHy8xVFhqiYGY3fmle2F7sM jwUlEcTkyS9A/wt01RUTVJoG6r/15rOUpMwuek+awcYdThuQ6+7bG8pQqWN5whI+N+gd vXhr2y4eJoszQWEc4a5LDtT30C/7Q/9S8c3O+7+nQV7rtJEEY51iYNU03UASBjOCC0mA YI7g== X-Gm-Message-State: AHPjjUgPhUw5jztWZqAI68d9Dhr2Yl7NX7MYPpT8dKGtVjCobrteJ2jG YmiCvmJcHM6ShAzIvAqRaw== X-Google-Smtp-Source: ADKCNb6XzCsDPWtJranq9D+RWPJTAD1NXBANSl4gwDYfkyl6VxM8cZJ99E7r5PzB67kzz4jLQh97Sg== X-Received: by 10.99.42.66 with SMTP id q63mr22854729pgq.305.1505417555532; Thu, 14 Sep 2017 12:32:35 -0700 (PDT) Received: from localhost.localdomain ([12.145.98.253]) by smtp.gmail.com with ESMTPSA id b7sm28258299pge.79.2017.09.14.12.32.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Sep 2017 12:32:34 -0700 (PDT) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Ard Biesheuvel , Stephen Boyd , Matt Fleming Subject: [PATCH] arm64: efi: ignore EFI_MEMORY_XP attribute if RP and/or WP are set Date: Thu, 14 Sep 2017 12:31:53 -0700 Message-Id: <20170914193153.18520-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org The UEFI memory map is a bit vague about how to interpret the EFI_MEMORY_XP attribute when it is combined with EFI_MEMORY_RP and/or EFI_MEMORY_WP, which have retroactively been redefined as cacheability attributes rather than permission attributes. So let's ignore EFI_MEMORY_XP if _RP and/or _WP are also set. In this case, it is likely that they are being used to describe the capability of the region (i.e., whether it has the controls to reconfigure it as non-executable) rather than the nature of the contents of the region (i.e., whether it contains data that we will never attempt to execute) Cc: Stephen Boyd Cc: Matt Fleming Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/efi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Reported-by: Stephen Boyd Tested-by: Stephen Boyd diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c index 82cd07592519..f85ac58d08a3 100644 --- a/arch/arm64/kernel/efi.c +++ b/arch/arm64/kernel/efi.c @@ -48,7 +48,9 @@ static __init pteval_t create_mapping_protection(efi_memory_desc_t *md) return pgprot_val(PAGE_KERNEL_ROX); /* RW- */ - if (attr & EFI_MEMORY_XP || type != EFI_RUNTIME_SERVICES_CODE) + if (((attr & (EFI_MEMORY_RP | EFI_MEMORY_WP | EFI_MEMORY_XP)) == + EFI_MEMORY_XP) || + type != EFI_RUNTIME_SERVICES_CODE) return pgprot_val(PAGE_KERNEL); /* RWX */